SPAM

Spam, as you probably are aware, is the sending of commercial e-mail to people who have not requested it. Spam can take a number of different forms, but it is all annoying. Unlike “junk mail” that comes via the postal service, which costs the sender a few cents to mail, sending spam is nearly free for the sender. The receiver (that's us) pays most of the costs.

I hate spam. You hate spam. Considering all of the technology that exists, why does spam continue to be a problem? I believe that spam is a problem for two reasons. The first reason is that the people who operate the networks for most Internet service providers are either lazy or poorly skilled. They don't want to be bothered to eliminate the problem, or they don't know how to do it. The second reason is worse: Internet providers are making money from the senders of spam. Until customers force the providers to fix the problem, providers will continue to ignore it or claim that it can't be solved. It can be solved. Maybe not 100% completely, but certainly nearly all spam could be stopped by the end of this week if the providers started working on it this Monday. I'm going to prove to you that they are lying. I'm going to prove it to you right here in black and white.

Internet Protocol (IP) and Transmission Control Protocol (TCP)

You need to understand how names on the Internet work. I'll explain it simply here. The Internet is based on the IP protocol. IP stands for “Internet Protocol.” A protocol is just a set of rules for how two or more things interact with each other. For example, you know when you introduce your boss to your friend that you introduce your boss first, since that's how introduction protocol works. It also specifies how you should do it: “Mr. Smith, this is Bill Jones.” IP does the same thing for computers. Internet protocols are layered, that is, one is built upon another. TCP is a common protocol built on top of IP. The pair is commonly known as “TCP/IP,” but they really are two separate protocols, one built on the other.

Domain Name System (DNS)

The Internet tracks servers by number. However, numbers are hard to remember, while names are easier. The Internet uses the Domain Name System to convert names to numbers. DNS also has a built-in method of control that allows only the right people to create and change the names and the numbers related to each name.

You know something about the naming scheme. DNS is a hierarchical naming system. Each name consists of parts, and each part is maintained by a different entity. You probably have heard of the “COM” hierarchy. There also is a “GOV,” an “EDU” and a “MIL.” There are many others, too. Each is controlled by a different group. “GOV” is controlled by the U.S. Federal Government. “MIL” is controlled by the U.S. military. Within each group, control moves down to a different level. Take www.usmc.mil, for example. MIL is the highest-level domain name controlled by the military. The Marine Corps controls all of the names under “usmc” and does the allocations for it. The name administrator created a name for their web server called “www.” The Marines' administrator can create any name he wants for their servers; they just all have to be part of the “usmc.mil” domain. They could create ftp.usmc.mil or internal.usmc.mil. They would not be able to create a name like “promotions.navy.mil” or “marines.com,” since they don't have control over the “navy.mil” domain or the “.com” domain. They would have to have someone who has domain name authority in “navy.mil” or “.com” create those names for them.

The names give users trying to reach a site a way of looking up the address of that site's server. IP works on 32-bit addresses. You probably have seen those addresses; they look like this: “144.251.210.17”. Since those are hard for people to use, DNS translates names to numbers. An example is:

Name:    www.usmc.mil
Addresses:  192.156.19.109, 192.156.19.111

Someone who wants to view the web site for the U.S. Marines could go to either the 192.156.19.109 server or the 192.156.19.111 server.

Application Layer

A server can host a number of different applications. Some common applications are file transfer (ftp), mail (smtp), and the worldwide web (www). The server that you contact via the Internet knows which application you want to reach by way of a port number (often loosely called a socket number). Some ports are well known and defined by a standard. Email mostly goes by way of port 25. Web servers use port 80 for normal data and port 443 for secure data. This is important because of something known as a firewall. I'm going to pull all of this together in the next section.

Sending and receiving email

Most people, when sending and receiving email, access servers from their ISP. People who use email at work often use servers maintained by their corporate IT department. Most people use programs like “Eudora”, “Netscape” or “Outlook” for email. These programs receive email from email servers by way of something called Post Office Protocol, version 3 (POP3). POP3 uses port 110. When people send email from those programs, they send it to their company's email server or their ISP's email server via Simple Mail Transfer Protocol (SMTP) on port 25.

Spam preventer #1

Spammers don't want to use their ISP's email server. The ISP's server would track the huge volume of mail and stop it. They want to bypass that server and send e-mail directly to you, which means directly to your ISP's mail server. The spammers have software that looks up your ISP's mail server. Then the spam program can send the email to your ISP's server, completely bypassing their own ISP's checks. If every ISP put in a firewall that did not allow any traffic from their customers' machines to go out to port 25 anywhere but the ISP's own mail server, that would force the spammers to use the ISP's email servers. The ISP would not allow spam to be sent via their servers. No more spam!

Spam preventer #2

Sometimes, spammers don't send email directly to your provider. They go through an intermediary using something called a forwarder (what is now usually called an open relay). That's an email server that accepts a connection via SMTP from one computer, receives the email, sees where it is going and then forwards it by connecting to the next computer. This was important in the old days, because a lot of email went across the country by making hops from computer to computer. Many of these systems used dial-up connections. Each computer would connect to another computer that was in its local calling area, which would connect to the next local computer, and the next, and the next, until the message reached its destination. Forwarding allowed long-distance transmission without long-distance phone calls. The Internet makes this unnecessary, since all connections are “local.” There is no surcharge to connect from the United States to the United Kingdom, for example.

If your ISP set its mail server to not accept forwarded e-mail, then another source of spam goes away.
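As an added example (not code from this page), the following Python models the two network-side policies of preventers #1 and #2 the way an operator would check them against a connection log: customer machines may reach port 25 only on the ISP's own mail server, and the ISP's mail server forwards mail onward only for its own customers. The reading of “not accept forwarded e-mail” assumed here is that the ISP's server refuses to act as a forwarder for outsiders. The address ranges, host names, domain list and sample connections are all constructed.

```python
"""Added example (not from the page): a model of the two network-side spam
policies. Address ranges, host names and sample records are constructed."""
import ipaddress

# Constructed: the ISP's customer address pool and its own mail server.
CUSTOMER_NET = ipaddress.ip_network("10.20.0.0/16")
ISP_RELAY = ipaddress.ip_address("10.20.0.25")
# Constructed: domains whose mailboxes this ISP hosts.
LOCAL_DOMAINS = {"example-isp.net"}


def egress_allowed(src_ip, dst_ip, dst_port):
    """Spam preventer #1: a firewall rule at the ISP's border. Customer hosts
    may open TCP port 25 only to the ISP's own mail server; all other traffic
    passes. Returns True if the connection is allowed."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if src not in CUSTOMER_NET or dst_port != 25:
        return True             # not our customer, or not SMTP: not this rule's business
    return dst == ISP_RELAY     # direct-to-recipient-server connections are cut off


def relay_allowed(client_ip, rcpt_domain):
    """Spam preventer #2: the ISP's mail server refuses to be a forwarder for
    strangers. A recipient is accepted if the mail is for a domain the ISP
    hosts (inbound) or if the client is one of its own customers (outbound)."""
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return True
    return ipaddress.ip_address(client_ip) in CUSTOMER_NET


def audit(connections):
    """Run a batch of connection records through both policies and return the
    ones that would have been blocked, each paired with the rule that fired."""
    blocked = []
    for rec in connections:
        if rec["kind"] == "tcp" and not egress_allowed(rec["src"], rec["dst"], rec["port"]):
            blocked.append((rec, "egress-25"))
        elif rec["kind"] == "rcpt" and not relay_allowed(rec["src"], rec["rcpt_domain"]):
            blocked.append((rec, "no-relay"))
    return blocked


# Constructed sample: a customer sending through the ISP, the same customer
# going straight to an outside mail server, ordinary web traffic, an outsider
# trying to relay through us, inbound mail for our users, and a customer
# sending outbound mail through our server.
SAMPLE = [
    {"kind": "tcp", "src": "10.20.5.7", "dst": "10.20.0.25", "port": 25},
    {"kind": "tcp", "src": "10.20.5.7", "dst": "192.0.2.10", "port": 25},
    {"kind": "tcp", "src": "10.20.5.7", "dst": "192.0.2.10", "port": 80},
    {"kind": "rcpt", "src": "198.51.100.9", "rcpt_domain": "example.com"},
    {"kind": "rcpt", "src": "198.51.100.9", "rcpt_domain": "example-isp.net"},
    {"kind": "rcpt", "src": "10.20.5.7", "rcpt_domain": "example.com"},
]

if __name__ == "__main__":
    for rec, rule in audit(SAMPLE):
        print(rule, rec)
```

Only two of the six sample records are blocked: the customer connecting straight to an outside port 25 (the direct-to-mail-server trick of preventer #1) and the outsider asking our server to forward mail to a domain we do not host (the forwarder abuse of preventer #2). Everything a legitimate customer does still works.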

Spam preventer #3

Spammers use false identifiers to hide their identity. This is an actual spam e-mail with the mail headers included. Normally, you don't see these. I numbered each line for easy reference.

  1. Return-path: <frazer@msn.com>
  2. Received: from mtain07 (mtain07-qfe0.icomcast.net [172.20.3.70])
  3. by msgstore01.icomcast.net
  4. (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
  5. with ESMTP id <0HEC002FY66KXG@msgstore01.icomcast.net>; Sat,
  6. 03 May 2003 20:18:20 -0400 (EDT)
  7. Received: from yu2now9919.com
  8. (h-66-167-18-94.NYCMNY83.covad.net [66.167.18.94]) by mtain07.icomcast.net
  9. (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
  10. with SMTP id <0HEC001I3663QN@mtain07.icomcast.net>; Sat,
  11. 03 May 2003 20:18:20 -0400 (EDT)
  12. Date: Sat, 03 May 2003 17:18:39 -0700
  13. From: nina parks <frazer@msn.com>
  14. Subject: Password to Adult Site
  15. To: bcelwood@comcast.net
  16. Message-id: <0HEC001ID665QN@mtain07.icomcast.net>
  17. MIME-version: 1.0
  18. X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
  19. X-Mailer: Microsoft Outlook Express 6.00.2600.0000
  20. Content-type: text/html; charset=us-ascii
  21. Content-transfer-encoding: 7bit

Line 7 shows that the email sender identified itself as being in the “yu2now9919.com” domain. My ISP's email server knows the IP address of the sending computer, since it needs it in order to communicate. My ISP's server (called mtain07.icomcast.net) did a reverse DNS lookup for “66.167.18.94” (see line 8) and found that the associated name was “h-66-167-18-94.NYCMNY83.covad.net”. Covad.net doesn't look like “yu2now9919.com”, does it? My ISP's server should have been set to disconnect from the sender, since the domain names do not match up. Result: no spam!

Note also line 1. The sender claimed an email address in the domain “msn.com”. That doesn't match anything else. My ISP's mail server should have disconnected on that, too.

 

Spam preventer #4

There is another feature of DNS. Mail-sending programs need to know which machine handles the email for each domain. It would be a pain if you needed to know all of the email server names at IBM to contact someone there. The mail exchange (MX) record in DNS identifies a domain's mail exchangers. Looking at the above header, my provider's mail server could have checked MX records, too. The sender claimed to be “yu2now9919.com”. There's a program called NSLOOKUP that looks up domain name information, so we can do the same lookups ourselves. Here's an example:

nslookup 

I ran this on Windows NT. You can also do it from Windows 2000 or most UNIX systems. I don't know if the program is on Windows 95, 98, or ME. I ran NSLOOKUP at the Y: prompt. I then changed the server to point to 151.198.0.37. I then told nslookup to look for MX records. Then I had it look up “yu2now9919.com”. It couldn't find it. My ISP's mail server should have done that and dropped the connection. Just for fun, I also did a lookup for “h-66-167-18-94.NYCMNY83.covad.net”, which was not found. The lookup for “covad.net” returned three addresses. Look at the mail exchanger line. It says “mail.covad.net”.
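As an added example (not code from this page), here is how a receiving mail server could apply preventers #3 and #4 automatically instead of by hand: it parses the Received headers of the spam message shown above, takes the earliest hop (the outside sender's connection), compares the HELO name against the reverse DNS name, checks that the HELO domain has an MX record, and compares the envelope sender's domain with the connecting host's domain. The DNS answers are a constructed table standing in for live PTR and MX queries (the covad.net mail exchanger is the one the text reports; the msn.com entry is a placeholder), and `registered_domain` is a deliberate simplification.

```python
"""Added example (not from the page): SMTP-time checks for spam preventers #3
and #4, run over the spam headers printed above. DNS answers are constructed."""
import re

# The headers of the spam message shown above (listing lines 1-13), with the
# reference numbers removed; folded continuation lines keep a leading space.
SPAM_HEADERS = """\
Return-path: <frazer@msn.com>
Received: from mtain07 (mtain07-qfe0.icomcast.net [172.20.3.70])
 by msgstore01.icomcast.net
 (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
 with ESMTP id <0HEC002FY66KXG@msgstore01.icomcast.net>; Sat,
 03 May 2003 20:18:20 -0400 (EDT)
Received: from yu2now9919.com
 (h-66-167-18-94.NYCMNY83.covad.net [66.167.18.94]) by mtain07.icomcast.net
 (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
 with SMTP id <0HEC001I3663QN@mtain07.icomcast.net>; Sat,
 03 May 2003 20:18:20 -0400 (EDT)
From: nina parks <frazer@msn.com>
"""

# Constructed DNS answers so the example runs offline; a real filter would
# issue PTR and MX queries here. The msn.com MX name is a placeholder.
PTR_TABLE = {"66.167.18.94": "h-66-167-18-94.NYCMNY83.covad.net"}
MX_TABLE = {"covad.net": ["mail.covad.net"], "msn.com": ["mx.msn.example"]}

RECEIVED_RE = re.compile(
    r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>\d+\.\d+\.\d+\.\d+)\]\) by (?P<by>\S+)")


def unfold_headers(raw):
    """Split a raw header block into (name, value) pairs, joining folded
    continuation lines (those starting with whitespace) onto their field."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append([name.strip().lower(), value.strip()])
    return [(name, value) for name, value in fields]


def registered_domain(name):
    """Crude 'organisational domain': the last two labels. Production code
    would consult the public suffix list (co.uk and friends)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def external_hop(fields):
    """The last Received header is the earliest hop, i.e. where the outside
    sender connected to the ISP. Returns the parsed hop or None."""
    received = [v for n, v in fields if n == "received"]
    if not received:
        return None
    m = RECEIVED_RE.search(received[-1])
    return m.groupdict() if m else None


def evaluate(raw, ptr=PTR_TABLE, mx=MX_TABLE):
    """Apply preventers #3 and #4 to a header block. Returns the reasons an SMTP
    server could have used to drop the connection; empty means the sender passed."""
    fields = unfold_headers(raw)
    hop = external_hop(fields)
    if hop is None:
        return ["no parseable Received header"]
    reasons = []
    helo_dom = registered_domain(hop["helo"])
    rdns = ptr.get(hop["ip"])          # our own reverse lookup of the peer address
    if rdns is None:
        reasons.append("no reverse DNS for %s" % hop["ip"])
    elif registered_domain(rdns) != helo_dom:
        reasons.append("HELO %s does not match reverse DNS %s" % (hop["helo"], rdns))
    if helo_dom not in mx:             # preventer #4: the claimed domain must have an MX
        reasons.append("no MX record for HELO domain %s" % helo_dom)
    sender = next((v for n, v in fields if n == "return-path"), "")
    m = re.search(r"<[^>@]+@([^>]+)>", sender)
    if m:
        sender_dom = registered_domain(m.group(1))
        peer_dom = registered_domain(rdns) if rdns else helo_dom
        if sender_dom != peer_dom:
            reasons.append("envelope sender domain %s does not match connecting host %s"
                           % (sender_dom, peer_dom))
    return reasons


if __name__ == "__main__":
    for reason in evaluate(SPAM_HEADERS):
        print("reject:", reason)
```

Run against the page's headers, all three checks fire: the HELO name disagrees with the Covad reverse DNS name, “yu2now9919.com” has no MX record, and the msn.com envelope sender matches neither. A constructed legitimate message whose HELO, reverse DNS and envelope sender all sit in the same domain produces an empty list.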

Conclusion

There are a few very simple things that Internet service providers can do to prevent spam. I do not know why they don't do these things, but they don't. I suppose that initially, some e-mail from providers who have badly configured networks would not get through. Too bad. They should fix their networks. If e-mail from their customers goes undelivered, they would fix their systems pretty fast.
